5 # This wrapper implements the SFA Registry and Slice Interfaces on PLC.
6 # Depending on command line options, it starts some combination of a
7 # Registry, an Aggregate Manager, and a Slice Manager.
9 # There are several items that need to be done before starting the wrapper
12 # NOTE: Many configuration settings, including the PLC maintenance account
13 # credentials, URI of the PLCAPI, and PLC DB URI and admin credentials are initialized
14 # from your MyPLC configuration (/etc/planetlab/plc_config*). Please make sure this information
15 # is up to date and accurate.
17 # 1) Import the existing planetlab database, creating the
18 # appropriate SFA records. This is done by running the "sfa-import-plc.py" tool.
20 # 2) Create a "trusted_roots" directory and place the certificate of the root
21 # authority in that directory. Given the defaults in sfa-import-plc.py, this
22 # certificate would be named "planetlab.gid". For example,
24 # mkdir trusted_roots; cp authorities/planetlab.gid trusted_roots/
26 # TODO: Can all three servers use the same "registry" certificate?
29 # TCP ports for the three servers
33 ### xxx todo not in the config yet
38 from optparse import OptionParser
40 from sfa.util.sfalogging import logger
41 from sfa.trust.trustedroot import TrustedRootList
42 from sfa.trust.certificate import Keypair, Certificate
43 from sfa.trust.hierarchy import Hierarchy
44 from sfa.trust.gid import GID
45 from sfa.util.config import Config
46 from sfa.plc.api import SfaAPI
47 from sfa.server.registry import Registries
48 from sfa.server.aggregate import Aggregates
51 # after http://www.erlenstar.demon.co.uk/unix/faq_2.html
# NOTE(review): this listing's own numbering skips 52, 55, 57, 59, 62 and 63,
# so the `def` header and several statements of this routine are not shown.
# Only the visible lines are described here.
53 """Daemonize the current process."""
# Fork twice; after each fork the parent exits at once, so only the
# grandchild process carries on.
54 if os.fork() != 0: os._exit(0)
56 if os.fork() != 0: os._exit(0)
# Open the null device read/write. What the descriptor is then attached to is
# not visible in this listing.
58 devnull = os.open(os.devnull, os.O_RDWR)
60 # xxx fixme - this is just to make sure that nothing gets stupidly lost - should use devnull
# Open (append, create if missing) a log file under /var/log/httpd, requesting
# mode 0644: owner read/write, group and others read, subject to the umask and
# the directory's own permissions. `0644` is Python 2 octal syntax.
# NOTE(review): confirm that nothing sensitive (credentials, key material,
# tracebacks carrying them) can end up in a file other accounts may read.
61 crashlog = os.open('/var/log/httpd/sfa_access_log', os.O_RDWR | os.O_APPEND | os.O_CREAT, 0644)
# Make sure the server's private key file and certificate file both exist,
# creating whichever one is missing.
#   server_key_file  -- path where the server's private key is expected
#   server_cert_file -- path where the server's certificate is expected
#   config           -- read for SFA_INTERFACE_HRN only
#   hierarchy        -- read for basedir, the root of the authorities tree
# NOTE(review): this listing's own numbering has gaps inside the function
# (66, 74, 76, 82, 88, 93-94, 97, 101). Some lines are therefore not shown,
# presumably including the `else:` that separates the two branches below.
65 def init_server_key(server_key_file, server_cert_file, config, hierarchy):
67 hrn = config.SFA_INTERFACE_HRN.lower()
68 # check if the server's private key exists. If it doesnt,
69 # get the right one from the authorities directory. If it cant be
70 # found in the authorities directory, generate a random one
71 if not os.path.exists(server_key_file):
72 hrn = config.SFA_INTERFACE_HRN.lower()
73 hrn_parts = hrn.split(".")
75 pkey_filename = hrn+".pkey"
77 # sub authority's have "." in their hrn. This must
78 # be converted to os.path separator
# str.split always returns at least one element, so this condition holds for
# every hrn and rel_key_path is always assigned before it is used below.
79 if len(hrn_parts) > 0:
80 rel_key_path = hrn.replace(".", os.sep)
81 pkey_filename= hrn_parts[-1]+".pkey"
# Expected location: <basedir>/<hrn with dots as path separators>/<last part>.pkey
83 key_file = os.sep.join([hierarchy.basedir, rel_key_path, pkey_filename])
84 if not os.path.exists(key_file):
85 # if it doesnt exist then this is probably a fresh interface
86 # with no records. Generate a random keypair for now
87 logger.debug("server's public key not found in %s" % key_file)
89 logger.debug("generating a random server key pair")
# NOTE(review): a freshly generated key is paired with a self-signed
# certificate (self_signed=True). Peers that validate against the trusted
# roots presumably cannot chain it. Confirm this state is only transient.
90 key = Keypair(create=True)
# NOTE(review): the permissions save_to_file gives the private key are not
# visible here. Confirm the file is readable by the service account only.
91 key.save_to_file(server_key_file)
92 init_server_cert(hrn, key, server_cert_file, self_signed=True)
95 # the pkey was found in the authorites directory. lets
96 # copy it to where the server key should be and generate
# Load the authority's existing key and write a second copy of it to
# server_key_file. The private-key permission question above applies here too.
98 key = Keypair(filename=key_file)
99 key.save_to_file(server_key_file)
100 init_server_cert(hrn, key, server_cert_file)
102 # If private key exists and cert doesnt, recreate cert
# In this path the key is whatever already sits in server_key_file, and
# init_server_cert is called without self_signed.
103 if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
104 key = Keypair(filename=server_key_file)
105 init_server_cert(hrn, key, server_cert_file)
# Write the server certificate for `hrn` to server_cert_file, either as a copy
# of the authority's GID or as a self-signed certificate made from `key`.
# NOTE(review): lines 109, 112-113, 115-117 and 123 of this listing are not
# shown. The tests that choose between the calls below (on `self_signed`, and
# whatever guards the GID lookup) are therefore not visible. Confirm them
# against the full file.
108 def init_server_cert(hrn, key, server_cert_file, self_signed=False):
110 Setup the certificate for this server. Attempt to use gid before
111 creating a self signed cert
114 init_self_signed_cert(hrn, key, server_cert_file)
118 logger.debug("generating server cert from gid: %s"% hrn)
# Look up the authority record for hrn, load its GID file and save that GID
# as the server certificate.
# NOTE(review): `key` is not used on this path, and nothing visible here checks
# that the GID's public key matches the key the server will present. Confirm
# the two cannot diverge, e.g. when server.key was generated at random earlier.
119 hierarchy = Hierarchy()
120 auth_info = hierarchy.get_auth_info(hrn)
121 gid = GID(filename=auth_info.gid_filename)
122 gid.save_to_file(filename=server_cert_file)
124 # fall back to self signed cert
# NOTE(review): the fallback is reported at debug level only, so a server that
# ends up on a self-signed certificate can go unnoticed in normal logs.
125 logger.debug("gid for %s not found" % hrn)
126 init_self_signed_cert(hrn, key, server_cert_file)
# Create a certificate whose subject and issuer are both `hrn`, issued with
# `key`, and save it to server_cert_file.
# NOTE(review): lines 133-134 of this listing are not shown. The visible code
# sets the issuer and saves the file. Confirm against the full file that the
# certificate's public key is set and that it is signed before being saved.
128 def init_self_signed_cert(hrn, key, server_cert_file):
129 logger.debug("generating self signed cert")
130 # generate self signed certificate
131 cert = Certificate(subject=hrn)
# Issuer key and issuer subject are the server's own, which is what makes the
# certificate self-signed.
132 cert.set_issuer(key=key, subject=hrn)
135 cert.save_to_file(server_cert_file)
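def init_server(options, config):
    """
    Execute the init method defined in each configured manager file.

    For the registry, aggregate, slice manager and component manager, in
    that order, the manager flavour is read from ``config`` and the module
    ``sfa.managers.<kind>_manager_<flavour>`` is imported. When the import
    succeeds and the module defines ``init_server``, that function is called
    with no arguments. Exceptions raised by a manager's own ``init_server``
    are not caught here.

    The module name is built from configuration values, so whoever can edit
    the configuration decides which module under ``sfa.managers`` is imported
    and run at start-up.

    :param options: parsed command line options; not used by this function
    :param config: object exposing SFA_REGISTRY_TYPE, SFA_AGGREGATE_TYPE,
                   SFA_SM_TYPE and SFA_CM_TYPE
    """
    manager_base = 'sfa.managers'

    def init_manager(manager_module, manager_base):
        try:
            manager = __import__(manager_module, fromlist=[manager_base])
        except Exception:
            # Still best-effort (a manager without a module for this flavour
            # is skipped), but leave a trace instead of failing silently, and
            # let KeyboardInterrupt / SystemExit through.
            logger.debug("could not import manager module %s" % manager_module)
            manager = None
        if manager and hasattr(manager, 'init_server'):
            manager.init_server()

    # (config attribute holding the flavour, module name prefix)
    manager_kinds = (
        ('SFA_REGISTRY_TYPE', 'registry_manager'),
        ('SFA_AGGREGATE_TYPE', 'aggregate_manager'),
        ('SFA_SM_TYPE', 'slice_manager'),
        ('SFA_CM_TYPE', 'component_manager'),
    )
    for setting, prefix in manager_kinds:
        # Read each setting only when its turn comes, so a missing attribute
        # surfaces after the earlier managers have been initialised, exactly
        # as it would with one stanza per manager.
        mgr_type = getattr(config, setting)
        manager_module = manager_base + ".%s_%s" % (prefix, mgr_type)
        init_manager(manager_module, manager_base)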
def sync_interfaces(server_key_file, server_cert_file):
    """
    Attempt to install missing trusted gids and db records for
    our federated interfaces.

    One API object is built from the server's key and certificate files and
    shared by the registry and aggregate interface lists; each list is then
    asked to sync itself, registries first.
    """
    api = SfaAPI(key_file=server_key_file, cert_file=server_cert_file)
    for interfaces in (Registries(api), Aggregates(api)):
        interfaces.sync_interfaces()
# NOTE(review): this listing's own numbering has gaps around and inside this
# routine (176, 192-193, 198, 202, 208-210, 213-214, 216, 219-221, 225-226).
# The `def` header, the creation of `config`, the option tests guarding the
# aggregate / slice manager / component sections, and whatever starts each
# server are therefore not shown here.
177 # Generate command line parser
178 parser = OptionParser(usage="sfa-server [options]")
179 parser.add_option("-r", "--registry", dest="registry", action="store_true",
180 help="run registry server", default=False)
181 parser.add_option("-s", "--slicemgr", dest="sm", action="store_true",
182 help="run slice manager", default=False)
183 parser.add_option("-a", "--aggregate", dest="am", action="store_true",
184 help="run aggregate manager", default=False)
185 parser.add_option("-c", "--component", dest="cm", action="store_true",
186 help="run component server", default=False)
187 parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
188 help="verbose mode - cumulative")
189 parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
190 help="Run as daemon.", default=False)
191 (options, args) = parser.parse_args()
# No-op as written: the branch body is `pass`.
194 if config.SFA_API_DEBUG: pass
# The server's private key and certificate sit side by side in the hierarchy's
# base directory.
195 hierarchy = Hierarchy()
196 server_key_file = os.path.join(hierarchy.basedir, "server.key")
197 server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
# Key/cert creation, manager initialisation and interface sync all run before
# daemon() is called.
199 init_server_key(server_key_file, server_cert_file, config, hierarchy)
200 init_server(options, config)
201 sync_interfaces(server_key_file, server_cert_file)
203 if (options.daemon): daemon()
204 # start registry server
205 if (options.registry):
206 from sfa.server.registry import Registry
# NOTE(review): every server below is constructed with "" as its first
# argument. If that is the bind address it means all interfaces. Confirm, and
# confirm the ports are exposed only to the networks that need them.
207 r = Registry("", config.SFA_REGISTRY_PORT, server_key_file, server_cert_file)
211 from sfa.server.aggregate import Aggregate
212 a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file, server_cert_file)
215 # start slice manager
217 from sfa.server.slicemgr import SliceMgr
218 s = SliceMgr("", config.SFA_SM_PORT, server_key_file, server_cert_file)
222 from sfa.server.component import Component
# Reads config.component_port, unlike the SFA_*_PORT settings used above; the
# commented-out line below shows the SFA_COMPONENT_PORT form.
223 c = Component("", config.component_port, server_key_file, server_cert_file)
224 # c = Component("", config.SFA_COMPONENT_PORT, server_key_file, server_cert_file)
# Script entry point.
# NOTE(review): lines 228-230 of this listing are not shown; presumably they
# run the entry routine and catch its failure -- confirm. The visible line
# reports the exit through logger.log_exc_critical.
227 if __name__ == "__main__":
231 logger.log_exc_critical("SFA server is exiting")